Manualshelf

Nonstop Volume Level Encryption Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series
41424344454647484950
1
NonStop processors
2
CLIMs
3
Disks
The CLIM on the -M path reads the data, re-encrypts it with the new key and writes it back to the
disk. The -MB path is automatically brought up at the completion of the key rotation on the -M path.
NOTE: It can take up to 15 minutes for the -MB path to be automatically brought up.
Preparation for CLIM key rotation
Before performing CLIM key rotation, prepare the disks:
Use FCHECK to check disk volume for errors:
FCHECK -SCAN -VOL volume-name
See FCHECK --HELP for help.
Use the DCOM disk space compression program to de-fragment the disk
CLIM key rotation procedure
CLIM key rotation is performed while the drive remains up and its alternate path is down.
1. Use the SCF STATUS DISK command to verify that all paths are in STARTED state:
91-> STATUS DISK $SAS112
STORAGE - Status DISK \BLDQA2.$SAS112
LDev Primary Backup Mirror MirrorBackup Primary Backup
PID PID
438 *STARTED STARTED *STARTED STARTED 2,403 3,544
2. Use the STATUS DISK, ENCRYPTION command to check the encryption state of the primary
and mirror disks:
90-> STATUS DISK $SAS112, ENCRYPTION
STORAGE Status DISK \BLDQA2.$SAS112, ENCRYPTION
Primary path
Not Encrypted
ChangeStatus..... No change in progress
Backup path
Not Encrypted
ChangeStatus..... No change in progress
Mirror path
Not Encrypted
ChangeStatus..... No change in progress
Mirror backup path
Not Encrypted
ChangeStatus..... No change in progress
3. Use the ALTER DISK command to start CLIM key rotation on the primary disk:
ALTER disk-name-P | -B | -M | -MB, NEWENCRYPTKEY, KEYALGORITHM keyalgorithm[, KEYSIZE keysize]
You must specify -P, -B, -M or -MB. The default keysize is 256. This example uses the XTS-AES
KEYALGORITHM:
11-> ALTER DISK $SAS112-P, NEWENCRYPTKEY, KEYALGORITHM XTS-AES
12->
4. Now, when you do a STATUS DISK, ENCRYPTION command, it shows ChangeStatus as “In
progress at...” for the -P path, “In progress on other CLIM” for the -B path, and “No change
in progress” for the -M and -MB paths:
49-> STATUS DISK $SAS112, ENCRYPTION
STORAGE Status DISK \BLDQA2.$SAS112, ENCRYPTION
Primary path
46 Encrypting data on storage devices